Talos Report: Phishing Attacks Surged in Q1 2025

Cindy Zhou | May 7, 2025

Phishing was the initial access vector in 50% of attacks during the first quarter of 2025, according to a new report from Cisco Talos.

“Threat actors used phishing to achieve initial access in 50 percent of engagements, a notable increase from less than 10 percent last quarter,” Talos writes.

“Vishing was the most common type of phishing attack seen, accounting for over 60 percent of all phishing engagements, though we also observed malicious attachments, malicious links, and business email compromise (BEC) attacks.

Adversaries predominately leveraged phishing to gain access to a valid account, pivot deeper into the targeted network, and expand their foothold, contrasting other phishing objectives we have seen in the past such as eliciting sensitive information or monetary transfers.”

Additionally, ransomware surged by 20%, accounting for half of Talos’s engagements in Q1 2025. A single campaign using the BlackBasta and Cactus ransomware made up 60% of these ransomware incidents, targeting manufacturing and construction organizations. These attacks began with voice phishing (vishing) attempts that tricked employees into granting access.

“The attack chain we observed begins with the threat actors flooding users’ mailboxes at targeted organizations with a large volume of benign spam emails,” Talos explains. “After a few days, the actors call the victim, usually via Microsoft Teams, and direct them to initiate a Microsoft Quick Assist remote access session, helping them with the installation of the program if not already present on the user’s system.”

Once the attacker gains access, they establish persistence, escalate privileges, and move laterally before deploying the ransomware.
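The chain Talos describes (a mailbox flood, then a Quick Assist session some days later) can be hunted for by correlating the two signals per user. The sketch below is an added example, not code from Talos or KnowBe4; the event fields, the 50-mails-per-hour threshold, the 7-day window and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FLOOD_THRESHOLD = 50                 # assumed: inbound mails per user per hour
FOLLOWUP_WINDOW = timedelta(days=7)  # assumed reading of "after a few days"
REMOTE_TOOL = "quickassist.exe"      # Quick Assist process image name

def flood_hours(events, threshold=FLOOD_THRESHOLD):
    """Map each user to the hour buckets in which inbound mail met the threshold."""
    counts = defaultdict(int)
    for e in events:
        if e["type"] == "mail_in":
            hour = e["ts"].replace(minute=0, second=0, microsecond=0)
            counts[(e["user"], hour)] += 1
    hours = defaultdict(list)
    for (user, hour), n in counts.items():
        if n >= threshold:
            hours[user].append(hour)
    return hours

def correlate(events, window=FOLLOWUP_WINDOW):
    """Return (user, flood_start, session_time) for Quick Assist launches after a flood."""
    floods = flood_hours(events)
    alerts = []
    for e in events:
        if e["type"] == "proc_start" and e["image"].lower() == REMOTE_TOOL:
            prior = [h for h in floods.get(e["user"], []) if h <= e["ts"] <= h + window]
            if prior:
                alerts.append((e["user"], min(prior), e["ts"]))
    return alerts

def sample_events():
    """Constructed events: alice and carol are mail-bombed; alice and bob open Quick Assist."""
    t0 = datetime(2025, 3, 3, 9, 0)
    events = [{"ts": t0 + timedelta(seconds=20 * i), "user": u, "type": "mail_in"}
              for u in ("alice", "carol") for i in range(120)]
    events.append({"ts": t0 + timedelta(days=3), "user": "alice",
                   "type": "proc_start", "image": "QuickAssist.exe"})
    events.append({"ts": t0 + timedelta(days=3), "user": "bob",
                   "type": "proc_start", "image": "QuickAssist.exe"})
    return events

if __name__ == "__main__":
    for user, flood, session in correlate(sample_events()):
        print(f"ALERT {user}: mail flood at {flood}, Quick Assist at {session}")
```

Only alice is flagged: bob's Quick Assist session has no preceding flood, and carol's flood has no follow-up session. Either signal alone is common enough that the pairing is what makes the alert worth triaging.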

Talos recommends user awareness training as a layer of defense against these types of social engineering attacks.

“Half of the engagements this quarter involved social engineering, potentially highlighting insufficient user education,” the researchers write. “This security weakness corresponds with the surge in phishing attacks, as users were manipulated to grant attackers access to their environments, with vishing proving to be particularly effective.

Talos IR recommends raising awareness of phishing and social engineering techniques, as user education is a key part of spotting phishing attempts, countering MFA bypass techniques, and knowing where to report suspicious activity.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Cisco Talos has the story.
